Why Password and Account Security Matters

Your URI account is more than just email. It can give access to grades, payroll, research, financial aid, and personal information. If someone breaks into your account, they can:

  • Change your classes, grades, or direct-deposit pay information
  • Steal personal or research data
  • Send harmful or fraudulent messages in your name
  • Reset passwords on other accounts linked to your email

A few simple habits greatly reduce your risk.

What URI Requires and Provides

  • Multi‑Factor Authentication (MFA) is required on all URI Single Sign-On (SSO) accounts.
  • Passwordless sign-in is supported using Microsoft Authenticator.
  • Passkeys, FIDO security keys, and other one‑time password (OTP) apps are supported.
  • 1Password is offered by URI’s Office of Information Security for secure password management.

Stronger Sign‑In: Password + Something Else

Passwords alone are no longer enough. Attackers can guess, steal, or trick you into giving them away. That’s why URI uses Multi‑Factor Authentication (MFA).

MFA means you sign in with:

  • Something you know – your password, and
  • Something you have – like an app, passkey, or hardware key.

This extra step makes it much harder for someone to break into your account, even if they get your password.

Supported MFA and Passwordless Options at URI

Microsoft Authenticator (Recommended)

  • Use the Microsoft Authenticator app on your smartphone.
  • You can approve sign‑in requests with a tap, or use passwordless sign‑in (no password, just the app and a code).
  • Works with URI Single Sign-On (SSO) services such as email, Office 365, Brightspace, and more.

Passkeys and FIDO Security Keys

  • Passkeys let you sign in with your device’s built‑in security (e.g., Face ID, Touch ID, fingerprint, or PIN) instead of a traditional password.
  • FIDO security keys are small USB/NFC devices that you plug in or tap when signing in.

These options are very resistant to phishing and are recommended for anyone working with sensitive data or research.

OTP (One‑Time Password) Apps

You can use OTP apps (time‑based one‑time passwords) such as Microsoft Authenticator, 1Password’s built‑in OTP, or other compatible apps.

  • These apps generate a short code that changes every 30–60 seconds.
  • You enter the code along with your password when prompted.

Important: URI is reducing support for SMS text or phone call verification for MFA. These methods are easier for attackers to hijack through SIM‑swapping or call‑spoofing.

Using 1Password at URI

URI’s Office of Information Security offers 1Password as a secure way to store and manage your passwords.

What 1Password does for you:

  • Creates strong passwords: It can generate long, random passwords that are very hard to guess.
  • Remembers them for you: You only need to memorize one strong master password.
  • Fills them in for you: It can autofill usernames and passwords on websites and apps.
  • Stores more than passwords: You can securely store passkeys, secure notes, and recovery codes.

Good ways to use 1Password:

  • Create a unique password for every account, especially for email, banking, and URI systems.
  • Store backup MFA codes and recovery keys in your 1Password vault.
  • Use 1Password on all your main devices (computer, phone, tablet) so you’re not tempted to reuse easy passwords.

Tips for Strong, Safe Passwords

Even with 1Password and MFA, your password still matters. Follow these guidelines:

  • Use long passwords or passphrases
    • Aim for at least 14–16 characters. Longer is better. A simple way is to use a passphrase: a sentence or group of random words.
  • Make passwords unique
    • Use a different password for every important account, especially:
      • URI SSO
      • Personal email
      • Banking / financial accounts
      • Cloud storage and social media
  • Use a password manager
    • Save your passwords in 1Password instead of in your browser, on paper, or in a text file.
  • Don’t reuse passwords
    • If one website is breached, attackers try the same password on your email, banking, and URI accounts.
  • Don’t use easy-to-guess details
    • Avoid using:
      • Your name, username, or email
      • Birthdays, addresses, or phone numbers
      • Common words like “password”, “qwerty”, or “ramfan123”
  • Don’t store passwords in unsafe places
    • Avoid keeping them in:
      • Unencrypted notes on your phone
      • Word documents or spreadsheets without protection
      • Sticky notes on your desk or monitor

Recognizing Suspicious Sign‑In Prompts and Phishing

Attackers often try to trick you into giving them your password or approving a sign‑in.

Watch out for:

  • Unexpected sign‑in prompts from Microsoft Authenticator
    • If you aren’t trying to sign in and see an approval request, deny it.
    • If it keeps happening, change your password immediately and contact IT support.
  • Fake login pages that look like URI or Microsoft
    • Always check the web address (URL) before typing your password.
    • URI sign‑ins should use official URI or Microsoft login pages (e.g., login.microsoftonline.com, .uri.edu domains).
    • When in doubt, go to the site directly from a bookmark or by typing the address, rather than clicking a link.
  • Phishing emails or messages asking for your password or codes
    • URI will never ask you to send your password, MFA codes, or recovery codes by email, phone, or text.
    • Be cautious with messages that:
      • Use urgent or threatening language (“your account will be closed today”)
      • Offer money, access, or special deals that seem too good to be true
      • Have unusual spelling, grammar, or sender addresses

If Something Feels Wrong

Act quickly if you notice:

  • Unexpected password reset emails
  • Logins or MFA prompts you did not start
  • Messages sent from your account that you did not write
  • Files missing or changed without your knowledge

Steps to take right away:

  • Change your URI password using the official URI password portal.
  • Check your MFA methods and remove any devices or methods you don’t recognize.
  • Run a security check on your computer or phone (update your system and antivirus, scan for malware).
  • Contact URI IT support or the Office of Information Security and report what happened.

Need Help?

If you need help with:

  • Setting up or using MFA (Microsoft Authenticator, passkeys, FIDO keys, or OTP apps)
  • Getting started with 1Password
  • Unsure whether an email or sign‑in prompt is legitimate
  • Recovering access to your account
  • Please contact URI IT support or the Office of Information Security through the official URI website or help desk channels.

Staying safe online is a shared responsibility. Protecting your password and account protects you, your work, and the entire URI community.